Economist readers warned of PageFair hack a week following attack that hit 501 websites
Windows users were told to update Adobe Flash software, but malware was installed instead, allowing a hacker to log passwords and other information for a brief time
The PageFair hack that occurred late last week affected a number of publishers, some of which are only now getting around to warning their readers that they may have inadvertently downloaded malware. The Economist is the latest to post a warning.
The hack involves PageFair, an anti-ad blocking firm that provides free analytics to publishers. On Halloween, PageFair was hacked and when readers of 501 websites clicked on the site they were presented with a notice that they needed to update their Adobe Flash software – a far too common sight for web readers. But clicking on the link would instead load malware that logs the user’s passwords, takes webcam snapshots, and regularly reports back to a hacker’s server.
The malware, of course, only affects those using Windows (Mac users, stop laughing, it is unbecoming of you).
The malware is particularly nasty, not only for the password logging: it appears to affect so much more.
“We have received reports that the malware in question causes unexpected behaviors in certain Microsoft products such as Word, Excel, and Outlook,” Blanchfield wrote on the second day following the attack.
The Economist today posted a warning to readers recommending that they take action.
“If you visited economist.com (or, in fact, the websites of any of its 500 other customers) at any time between Oct. 31, 23:52 GMT and 01:15 GMT, Nov. 1, using Windows OS and you do not have trusted anti-virus software installed, it is possible that malware, disguised as an Adobe update, was downloaded onto your PC,” The Economist warned readers.
The magazine placed a blue banner across its home page (see above) to notify readers. (Is the lesson here not to put Angela Merkel on your cover?)
The use of PageFair is, of course, a response to the growing use of ad-blockers by web readers. Unfortunately, the solution appears to be only turning off readers to these media outlets – though that might be just as well. After all, if publishers are not willing to end the practice of running obnoxious advertising (we’re talking about you, Gannett) then a loss of web traffic should be the result. It is just a shame that other publishers, who care more about the reading experience of their web users, will be affected by ad-blockers as well.
Update: A representative of The Economist reached out to TNM this afternoon and supplied this statement:
The specialist company we engaged, Tempest, has just informed us the software is a keylogger – a type of surveillance software that has the capability to record every keystroke made by someone who has downloaded the malware – and this may compromise a user’s personal data such as passwords and bank and credit card details. We have now taken action to inform visitors to economist.com via this page. Please note that economist.com’s own systems have not been compromised; therefore any data we hold on our customers remains secure.
The Economist takes cybersecurity extremely seriously and strives to maintain the highest level of protection for our customers.